
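--- a/crypto/openssh/sshd.8
+++ b/crypto/openssh/sshd.8
@@ -685,6 +685,104 @@ cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
 |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
 AAAA1234.....=
 .Ed
+.Sh FREEBSD MULTIPROFILE EXTENSIONS
+FreeBSD rc.d script for OpenSSH daemon allows to spawn more than
+one daemon by the
+.Nm
+startup script.
+When
+.Xr rc.conf 5
+variable named
+.Pa sshd_profiles
+is defined, it is treated as the list of
+.Nm
+profiles and multiple daemons are spawned.
+.Pp
+As usual, when 2nd argument to the rc.d script is given, it is treated
+as the profile name and the specified command applies only to this
+profile.
+When only one argument is given, it is applied to every profile
+that is specified in
+.Pa sshd_profiles .
+.Pp
+For each profile name the following variables could be defined:
+.Pp
+.Bl -tag -width Ds -compact
+.It sshd_<profile>_program
+Full path to the
+.Nm
+executable for this profile.
+Default value is
+.Pa /usr/bin/sshd .
+.Pp
+.It sshd_<profile>_pidfile
+Defines the location of
+.Nm
+PID file.
+Default value is
+.Pa /var/run/sshd.<profile>.pid .
+.Pp
+.It sshd_<profile>_confdir
+Specifies the location of directory with
+.Nm
+configuration files and keys.
+Default value is
+.Pa /etc/ssh.<profile> .
+.Pp
+.It sshd_<profile>_configfile
+Location of
+.Nm
+configuration file.
+Default value is
+.Pa ${sshd_<profile>_confdir}/sshd_config .
+.Pp
+.It sshd_<profile>_host_rsa_key
+Location of RSA key for this instance of
+.Nm .
+Default value is
+.Pa ${sshd_<profile>_confdir}/ssh_host_rsa_key .
+.Pp
+.It sshd_<profile>_host_dsa_key
+Location of protocol version 2 DSA key for this instance of
+.Nm .
+Default value is
+.Pa ${sshd_<profile>_confdir}/ssh_host_dsa_key .
+.Pp
+.It sshd_<profile>_host_key
+Location of protocol version 1 host key for this instance of
+.Nm .
+Default value is
+.Pa ${sshd_<profile>_confdir}/ssh_host_key .
+.Pp
+.It sshd_<profile>_flags
+Defines the flags for
+.Nm .
+When this variable is defined the only meaningful
+.Xr rc.conf 5
+variable for this
+.Nm
+instance is
+.Pa sshd_<profile>_program .
+.El
+.Pp
+There is one special profile name,
+.Pa default .
+For this profile, the default values for all variables coincide with
+ones for the
+.Qq standard
+.Nm
+service.
+It could be useful when one wants to add another instance of
+.Nm ,
+leaving the
+.Qq standard
+instance intact: just specify
+.Qq default special
+in the
+.Pa sshd_profiles
+and define variables only for
+.Pa special
+profile.
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It ~/.hushlogin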
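--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -14,7 +14,13 @@ rcvar=`set_rcvar`
 command="/usr/sbin/${name}"
 keygen_cmd="sshd_keygen"
 start_precmd="sshd_precmd"
-pidfile="/var/run/${name}.pid"
+_pidprefix="/var/run/${name}"
+pidfile="${_pidprefix}.pid"
+_confdir="/etc/ssh"
+confdir="${_confdir}"
+sshd_host_key="${confdir}"/ssh_host_key
+sshd_host_dsa_key="${confdir}"/ssh_host_dsa_key
+sshd_host_rsa_key="${confdir}"/ssh_host_rsa_key
 extra_commands="keygen reload"
 
 timeout=300
@@ -52,42 +58,135 @@ sshd_keygen()
 		return 1
 	}
 
-	if [ -f /etc/ssh/ssh_host_key ]; then
+	if [ -f "${sshd_host_key}" ]; then
 		echo "You already have an RSA host key" \
-		    "in /etc/ssh/ssh_host_key"
+		    "in ${sshd_host_key}"
 		echo "Skipping protocol version 1 RSA Key Generation"
 	else
 		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
-		    -f /etc/ssh/ssh_host_key -N ''
+		    -f "${sshd_host_key}" -N ''
 	fi
 
-	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
+	if [ -f "${sshd_host_dsa_key}" ]; then
 		echo "You already have a DSA host key" \
-		    "in /etc/ssh/ssh_host_dsa_key"
+		    "in ${sshd_host_dsa_key}"
 		echo "Skipping protocol version 2 DSA Key Generation"
 	else
-		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+		/usr/bin/ssh-keygen -t dsa -f "${sshd_host_dsa_key}" -N ''
 	fi
 
-	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+	if [ -f "${sshd_host_rsa_key}" ]; then
 		echo "You already have a RSA host key" \
-		    "in /etc/ssh/ssh_host_rsa_key"
+		    "in ${sshd_host_rsa_key}"
 		echo "Skipping protocol version 2 RSA Key Generation"
 	else
-		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+		/usr/bin/ssh-keygen -t rsa -f "${sshd_host_rsa_key}" -N ''
 	fi
 	)
 }
 
 sshd_precmd()
 {
-	if [ ! -f /etc/ssh/ssh_host_key -o \
-	    ! -f /etc/ssh/ssh_host_dsa_key -o \
-	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
+	if [ ! -f "${sshd_host_key}" -o \
+	    ! -f "${sshd_host_dsa_key}" -o \
+	    ! -f "${sshd_host_rsa_key}" ]; then
 		user_reseed
 		run_rc_command keygen
 	fi
 }
 
 load_rc_config $name
+
+# Have some profile name in the command line?
+if [ -n "$2" ]; then
+	if [ -z "$2" ]; then
+		echo "Empty profile name.  Skipping it."
+		exit 1
+	fi
+	if [ "`echo "$2" | tr -dc [[:alnum:]_]`" != "$2" ]; then
+		echo "Profile names must contain only alphanumericals and underscores."
+		exit 1
+	fi
+	profile="$2"
+	if [ -n "${sshd_profiles}" ]; then
+
+		# Profile named 'default' has a special meaning:
+		# it is the default system profile.  It is more
+		# convinient to say
+		#   sshd_profiles="default other1 other2"
+		# and configure stuff only for additional
+		# profile(s) without defining
+		#   sshd_default_confdir=/etc/ssh
+		# and others.
+		if [ "$profile" = default ]; then
+			_profile_namesuffix=""
+		else
+			_profile_namesuffix=".${profile}"
+		fi
+
+		# Binary name
+		eval binary="\${sshd_${profile}_program}"
+		if [ -n "$binary" ]; then
+			sshd_program="$binary"
+		fi
+
+		# PID file
+		eval pidfile="\${sshd_${profile}_pidfile}"
+		: ${pidfile:=${_pidprefix}${_profile_namesuffix}.pid}
+
+		# Configuration directory
+		eval confdir="\${sshd_${profile}_confdir}"
+		: ${confdir:=${_confdir}${_profile_namesuffix}}
+		if ! [ -d "$confdir" ]; then
+			cat << EOF
+Configuration directory '$confdir' for profile '$profile' does not exist.
+EOF
+		fi
+
+		# Configuration file
+		eval configfile="\${sshd_${profile}_configfile}"
+		: ${configfile:=${confdir}/sshd_config}
+
+		# Keys location
+		eval sshd_host_rsa_key="\${sshd_${profile}_host_rsa_key}"
+		: ${sshd_host_rsa_key:=${confdir}/ssh_host_rsa_key}
+		eval sshd_host_dsa_key="\${sshd_${profile}_host_dsa_key}"
+		: ${sshd_host_dsa_key:=${confdir}/ssh_host_dsa_key}
+		eval sshd_host_key="\${sshd_${profile}_host_key}"
+		: ${sshd_host_key:=${confdir}/ssh_host_key}
+
+		# Generate flags if they aren't already defined
+		eval sshd_flags="\${sshd_${profile}_flags}"
+		if [ -z "$sshd_flags" ]; then
+			# Specify only non-standard configuration file name
+			if [ "${configfile}" != /etc/ssh/sshd_config ]; then
+				sshd_flags="${sshd_flags} -f ${configfile}"
+			fi
+			# Specify key location only if it is non-standard
+			if [ "${sshd_host_key}" != /etc/ssh/ssh_host_key ]; then
+				sshd_flags="${sshd_flags} -h ${sshd_host_key}"
+			fi
+			if [ "${sshd_host_dsa_key}" != /etc/ssh/ssh_host_dsa_key ]; then
+				sshd_flags="${sshd_flags} -h ${sshd_host_dsa_key}"
+			fi
+			# Specify only non-standard PID file location
+			if [ "${pidfile}" != /var/run/sshd.pid ]; then
+				sshd_flags="${sshd_flags} -o PidFile=${pidfile}"
+			fi
+		fi
+	else
+		cat << EOF
+Extra argument '$2' ignored.  It will be interpreted as the profile name
+only when rc.conf(5) variable 'sshd_profiles' will be defined.
+EOF
+	fi
+else
+	if [ -n "${sshd_profiles}" ]; then
+		for p in ${sshd_profiles}; do
+			/etc/rc.d/${name} "$1" "$p"
+		done
+		exit 0
+	fi
+fi
+
 run_rc_command "$1"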
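Review bot: The flag generation in the new profile block passes `-h` for `${sshd_host_key}` and `${sshd_host_dsa_key}` but never for `${sshd_host_rsa_key}`, even though sshd_keygen now creates that key under the profile's confdir; as far as I recall sshd only fills in its default host key paths when no `-h` was given, so a non-default profile would come up without its protocol 2 RSA host key. Add the missing branch after the DSA one: `if [ "${sshd_host_rsa_key}" != /etc/ssh/ssh_host_rsa_key ]; then` / `sshd_flags="${sshd_flags} -h ${sshd_host_rsa_key}"` / `fi`. Separately, the `[ -z "$2" ]` test inside the `[ -n "$2" ]` branch can never be true and can be dropped, and the `tr -dc [[:alnum:]_]` argument should be quoted as `'[:alnum:]_'` so the shell cannot glob it against the current directory before the validated name reaches `eval`. The "does not exist" message for a missing confdir only warns and then continues into `-f ${configfile}` under that directory; presumably an `exit 1` there is intended. Note also that the sshd.8 section on this page documents the default program as /usr/bin/sshd while `command="/usr/sbin/${name}"` in this file is unchanged, so one of the two should be corrected.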
(-)b/share/man/man5/rc.conf.5 (-1 / +9 lines)
Lines 3221-3226 is set to Link Here
3221
these are the flags to pass to the
3221
these are the flags to pass to the
3222
.Xr sshd 8
3222
.Xr sshd 8
3223
daemon.
3223
daemon.
3224
.It Va sshd_profiles
3225
.Pq Vt str
3226
List of SSH daemon profiles, allows to run multiple sshd binaries
3227
using system startup script.
3228
See section
3229
.Sx FREEBSD MULTIPROFILE EXTENSIONS
3230
in
3231
.Xr sshd 8
3232
for additional information on using multiple profiles.
3224
.It Va ftpd_program
3233
.It Va ftpd_program
3225
.Pq Vt str
3234
.Pq Vt str
3226
Path to the FTP server program
3235
Path to the FTP server program
3227
- 
